Disaster Recovery Compliance

The last few years have seen a huge leap forward in disaster recovery for many IT organizations. The use of virtualization and lower-cost replication has seen DR move from being a nightmare to a standard business service. As a result, a lot of organizations have a green tick where they used to have a question mark on their audit results. In turn, the auditors are now able to look a little deeper and start asking whether the DR solution you have is fit for purpose.

So how are you going to show the auditors, or the business owners, that the DR you have provided is up to the job? One technique is frequent tests with application functional testing as part of the test process. The problem here is that these tests are a point in time. Sure, we can now do quarterly tests in place of the annual tests we used to do, but what about the changes between quarters? This is the area where NeverFail is focussing their attention as they develop the IT Continuity Architect product, which they showed us at Tech Field Day 9 in June. The product they showed was a very early internal build with a lot of dashboard still to be built.

The central premise is to automatically discover systems in your infrastructure and map the interdependencies. Once the systems are identified, you apply policies to DR priorities and the application reports on compliance. An example of non-compliance would be a system with an RPO (maximum permissible lost data) of 30 minutes where the storage replication takes 90 minutes to complete. It is easy to see where this will help with business certainty about the viability of DR processes. Many DR products will let you test that you get a working system when you run your DR process, but how many will tell you when your data is going to be too old to be acceptable? Finding this out after the disaster has occurred is a little late.
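The RPO check described above can be sketched in a few lines. This is an added example, not NeverFail's code or anything shown at the event: the `System` record, the inventory names and timings, and the rule that a system's data is only as fresh as its slowest-replicating dependency are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class System:
    name: str
    rpo_minutes: int                 # policy: maximum permissible lost data
    replication_minutes: int         # measured: time for replication to complete
    depends_on: list = field(default_factory=list)

def worst_lag(name, systems, seen=None):
    """Slowest replication among a system and everything it depends on.

    Assumption: a system is only as fresh as its stalest dependency.
    Returns (minutes, system_name); `seen` guards against dependency cycles.
    """
    seen = set() if seen is None else seen
    if name in seen:
        return (0, name)
    seen.add(name)
    system = systems[name]
    worst = (system.replication_minutes, name)
    for dep in system.depends_on:
        worst = max(worst, worst_lag(dep, systems, seen))
    return worst

def compliance_report(systems):
    """Compare each system's RPO policy with its effective replication lag."""
    report = {}
    for name, system in systems.items():
        lag, source = worst_lag(name, systems)
        report[name] = {
            "compliant": lag <= system.rpo_minutes,
            "rpo_minutes": system.rpo_minutes,
            "effective_lag_minutes": lag,
            "limited_by": source,
        }
    return report

# Constructed inventory (hypothetical names and timings).
INVENTORY = {s.name: s for s in [
    System("billing-db", rpo_minutes=30, replication_minutes=90),
    System("billing-app", rpo_minutes=30, replication_minutes=10, depends_on=["billing-db"]),
    System("sso", rpo_minutes=60, replication_minutes=5),
    System("wiki", rpo_minutes=240, replication_minutes=60, depends_on=["sso"]),
]}

if __name__ == "__main__":
    for name, row in compliance_report(INVENTORY).items():
        print(name, "OK" if row["compliant"] else "NON-COMPLIANT", row)
```

Here `billing-app` replicates well inside its own 30-minute RPO but is still reported as non-compliant, because the database it depends on takes 90 minutes to replicate.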

It was intriguing to hear about the product before it was finished and to be able to give feedback to the product team before they shipped the product. If you watch the videos you will get a sense of just how early in development we saw this. The marketing message and value proposition were hard to get to, but once we got there the delegates were very interested. There was quite a lot of off-camera discussion afterwards about who the target market should be; I’m picking large companies in regulated and compliance-heavy industries like finance and pharmaceutical. It will be some time before this comes to market, and no doubt there will be changes before it does. I look forward to seeing the result, as there are a few financial organizations in my region that have deployed DR products and may need some audit reporting on their fitness for purpose.

Disclosure: I learned about NeverFail’s IT Architect while attending Tech Field Day 9; my travel and accommodation costs to attend were paid by Tech Field Day. However, no monetary compensation is expected nor received for the content that is written in this blog.